When we assess a network, we want an efficient tool that handles the repetitive work and answers the following questions:

  1. Which systems are up?
  2. What services are running on these systems?

The tool that we will rely on is Nmap.

Long before computer systems and networks existed, Sun Tzu wrote in The Art of War, “If you know the enemy and know yourself, your victory will not stand in doubt.” If you are playing the role of an attacker, you need to gather information about your target systems. If you are playing the role of a defender, you need to know what your adversary will discover about your systems and networks.

(Image: red pill or blue pill. Which side are you on?)

Reconnaissance (recon) can be defined as a preliminary survey to gather information about a target.

We divide reconnaissance into

  1. Passive Reconnaissance
  2. Active Reconnaissance

For now, we will focus on active recon. For context, passive recon relies on publicly available knowledge: information you can access from public resources without directly engaging with the target. Think of it as looking at the target territory from afar without setting foot on it. Active recon, on the other hand, cannot be done so discreetly; it requires direct engagement with the target. Think of it as checking the locks on the doors and windows, among other potential entry points. Later on we will go in depth on what active and passive recon are. Nmap falls under active recon, because it directly engages with the target systems to find live hosts and open services.

Nmap is an essential industry-standard tool for both attackers and defenders.

Like most pentesting tools, Nmap is run from the terminal. Versions are available for both Windows and Linux. Nmap is invoked by typing nmap on the command line, followed by some "switches" (command arguments that tell the program to do different things). All you'll need to follow along is Nmap's help menu (accessed with nmap -h) and/or the Nmap man page (accessed with man nmap).

<aside> 📌

Nmap Live Host Discovery

</aside>